SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


Leave a comment

The May/June 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Brought to light: Federal Crime Office closes down the world’s second largest illegal dark web marketplace
  • WhatsApp, state trojans? Or, why the city of San Francisco protects privacy better than Mark Zuckerberg’s messenger app
  • Privacy at Facebook, part two: when the lawyer contradicts the boss
  • Symmetry as a fundamental principle: now that we have software as a service, it is only a matter of time before we have cybercrime as a service

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.

 


Leave a comment

The Drama of Awareness – using Aristotle and Brecht to raise awareness: Part II

In the previous article, we were looking for inspiration on how to raise security awareness in Aristotle’s approach to artistic communication between actor and audience. His Theater of Illusion with its catharsis momentum gave us some insights on how to manufacture communications measures in order to achieve a learning process by proxy.

In the present article, we’re going to have a closer look at Brecht’s more modern concept of Epic Theater. The German playwright strives to move away from the Theatre of Illusion, from identification and purification, towards the active re-evaluation of reality by the audience.

Continue reading


1 Comment

The Drama of Awareness – using Aristotle and Brecht to raise awareness: Part I

There is a lot of drama surrounding the subject of security awareness. Whether it is because of the limited resources available in the face of ever-increasing demand, or the fact that awareness measures are still largely the responsibility of technically trained security experts – one could say that security awareness is surrounded by an air of tragedy.

How can you get users to manage data and devices securely? People have long wondered how to craft a message that moves people (to do something) – since well before the invention of advertising or awareness campaigns. It’s the same problem that lies at the heart of artistic communication between actor and audience. This article is, therefore, not about drama in the proverbial sense, but rather about literary drama as a work of art (of the theatre). Can literary scholarship provide us with insightful answers to this big question? First, we’re going to have a look at Aristotle  and the Classical Drama. Continue reading


1 Comment

DNSSEC Usage in Switzerland is on the rise after widespread attacks on the Domain Name System

Attacks on the DNS System

Cyber attacks on the DNS system are not new. Cache poisoning, Domain Hijacking and BGP injections of routes to public DNS resolvers happen regularly, but they usually don’t get much attention as they target the Internet’s core infrastructure and are not directly visible to end users in most cases. This time it was different. The recent widespread DNS hijacking attacks on several Mid East, North African and European and North American governments and infrastructure providers, published by Ciscos Talos showed that DNS attacks are a real threat to cyber security. Netnod, one of the affected infrastructure providers issued a statement, that called, amongst other domain security mechanisms, for the implementation of the DNS Security Extensions (DNSSEC).

The analysis of these attacks also convinced the Internet Corporation for Assigned Names and Numbers (ICANN) that there is an ongoing and significant risk to key parts of the System (DNS) infrastructure. ICANN issued a call for “Full DNSSEC Deployment to Protect the Internet” across all unsecured domain names.

The question is if  these attacks and the awareness that DNSSEC is an absolute essential base layer protection for domain names had some effects on the Implementation of DNSSEC Switzerland?

More DNSSEC signed domain names

As a ccTLD operator SWITCH publishes the number of DNSSEC signed .ch and .li domain names every month. While the number of signed domain names is still very low at around 3-4% we see a rise in the numbers of signed domain names for two years now.

DNSSEC signed .ch domain names 1.4.2019

Continue reading


The January/February 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Company networks at serious risk: recent waves of malspam have been spreading the multifunctional trojan Emotet, targeting Windows devices in particular
  • Phishing, porn, data theft: rogue apps appearing as a new and harmful type of ‘non-sellers’ on Google Play and other app stores
  • Spy Time now also available for Apple devices – Serious security vulnerabilities allow outsiders to eavesdrop on FaceTime conversations and steal passwords from Keychain in MacOS
  • Alexa home alone, nuclear attack via Nest and a new password law in California – what happens when IoT gadgets run amok?

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.


The November/December 2018 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • SiSyPHuS gives Windows 10 low marks for data protection and security
  • Vivy app suffering from multiple diseases: security researchers uncover several vulnerabilities in the patient data app
  • Facing court: Chinese facial recognition unfairly lands big entrepreneur in hot water
  • Not exactly cuddly: data protection authority imposes first GDPR fines after hacking attack

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.


The Sep/Oct 2018 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our SWITCH Security Report has just been released.

The topics covered in this report are:

  • Turning Good instead of Breaking Bad? Hacking to fend off other hackers
  • What do a firefighter and Google Chrome 69 have in common?
  • 15 months later: new attacks, same old vulnerability
  • Peekaboo exploits vulnerability in surveillance cameras in a major way

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.